In a survey of European IT managers, 54% of UK businesses questioned said that they expected a cyber-attack in the next six months. The most likely culprits will be hacktivists/ Anonymous organisations (59 per cent) although almost one third (31 per cent) of those questioned said disgruntled employees would be the source of an attack. Perhaps a surprise is that corporate competitors (35 per cent) are seen as a greater threat than cyber criminals (23 per cent).
The survey, carried out by Opinion Matters, suggests that across Europe there is a very real threat, with most IT and security specialists well aware of the growing sophistication of cyber threats and the types of attackers they face.
Of the 1,020 IT managers surveyed in France, Germany, Spain and the UK, 58 per cent feel that there are more hackers, organised criminal groups and nation state attacks than previously. Only 11 per cent feel that there’s no threat whatsoever, just media hype.
Company file servers and databases are seen as the most vulnerable to attack (34 per cent). Despite this, only 31 per cent of those questioned said that these technologies were most effectively protected by their current security measures.
In terms of what is at risk, personal customer information and customer financial information are the most valuable assets a company has (60 per cent and 50 per cent respectively). For almost three in ten (29 per cent) respondents, intellectual property such as research, patents and designs takes priority.
Malware such as Trojans, rootkits, worms, viruses etc. is the cyber-attack method European security specialists are most worried about (36 per cent). Next to this, drive-by downloads /malicious websites (16 per cent); spear phishing (15 per cent); malicious USBs and devices (15 per cent) and distributed denial of service (DDoS) attacks (14 per cent) are all sources of worry.
What the survey made very clear is that IT and security professionals take their responsibility for reporting security breaches seriously. The vast majority of European firms questioned (88 per cent) agree that cyber security breaches should be disclosed to customers and the public. Furthermore, almost two thirds (63 per cent) feel that additional information should be provided, such as what was compromised, and even how the breach occurred (25 per cent). Only 12 per cent felt that nothing whatsoever should be disclosed.
Most European respondents felt that the security industry will have the biggest impact on improving the state of cyber security through better technology (46 per cent) as opposed to government and law enforcement (13 per cent). Only eight per cent of those questioned felt that individuals or employees at an organisation would have the biggest impact while 34 per cent said it would be the companies themselves through best practices and implementation.
This survey acknowledges the very real threat that IT and security professionals are facing. We are seeing the biggest transfer of intellectual property that the world has ever seen. It’s not just traditional cyber criminals who are looking to steal financial information, but there is a steady rise in the number of organised groups such as hacktivists and nation states who are intent on breaching company security to gain access to customer information or intellectual property.
At a time when it’s easier to steal rather than create information from scratch, it’s imperative that organisations have appropriate systems in place to detect and protect against the rise in targeted and personalised attacks.